Icon Group Privacy Policy
Integrated Clinical Oncology Network Pty Ltd and its subsidiaries (“Icon Group”, “Icon”, “we” or “us”) is committed to providing exceptional cancer care and treatment and to protecting your Personal Information while doing so.
We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) which govern how organisations handle your Personal Information.
The principles set out in this policy apply to Personal Information, including Health and Sensitive Information (see definitions below), you provide to us including information provided at consultations, treatments, via our website or under any agreement or arrangement.
The APPs do not apply to de-identified information or statistical data sets, which do not allow individuals to be identified.
Scope
This Privacy Policy sets out and explains how all members of Icon collect, use, store, protect and disclose your Personal Information. The Policy is supplementary to any specific consent you provide. For example, we will normally request your prior written consent for the collection, use or disclosure of your sensitive Health Information.
Definitions
Key terms used in this policy are defined consistently with their definitions in the Privacy Act, as follows:
Term | Definition | ||
Personal information | means information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not. Personal Information as used in this policy covers Health Information and Sensitive Information. | ||
Health information | means: (a) information or an opinion about: (i) the health or a disability (at any time) of an individual; or (ii) an individual’s expressed wishes about the future provision of health services to the individual; or (iii) a health service provided, or to be provided, to an individual; that is also personal information; (b) other personal information collected to provide, or in providing, a health service to an individual (c) other personal information collected in connection with the donation, or intended donation, by an individual of his or her body parts, organs or body substances; (d) genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual. | ||
Sensitive information | means: (a) information or an opinion about an individual’s: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual orientation or practices; criminal record; that is also personal information; or (b) health information about an individual; or (c) genetic information about an individual that is not otherwise health information; or (d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or (e) biometric templates |
Collection of Information
We collect Personal Information for the principal purpose of providing you with medical care, treatment and services, as well as for billing and administrative purposes, including submitting health fund claims on your behalf. We will also, where permitted, collect Personal Information for other related or ancillary purposes.
The types of Personal Information that we collect may include your name, address, telephone number, private health fund membership details, and Health Information such as your past, current, and family health conditions, test results, treatments, procedures and medical advice.
Without limiting the foregoing, we may collect Personal Information from you if we consider it to be reasonably necessary to provide health care services, including:
medical history
family medical history
next of kin
ethnic background
current lifestyle and activities
clinical observations
test results
billing information
Medicare numbers
Concession Card numbers
Department of Veterans Affairs information
Private health insurance membership numbers and details of level of cover
In most circumstances we will collect your Personal Information directly from you rather than third parties. But if necessary and permitted by law, we may need or be required to collect Personal Information from third parties. For example, in cases of emergency where collection of your Personal Information is necessary to prevent or lessen a serious and imminent threat to your life or health, then we may collect such information from third parties without your consent if you are physically or legally incapable of doing so.
You are not obligated to disclose your Personal Information to us. However, if you do not provide the information requested, we may not be able to provide you with the best possible health care or meet the expectations you may have of us as care providers.
In some cases, we will require you to specifically consent to any collection, use or disclosure of your Personal or Health Information as part of a Treatment Consent or Financial Consent, or other specific consent.
In most cases your consent will be requested in writing, but we may also accept your verbal consent. Sometimes your consent may also be implied through your conduct with us, or due to anticipated activities/reasons ancillary to the primary purpose of your prior consent.
Icon will destroy unsolicited information where it is determined that the information would not normally have been collected.
Use and disclosure of Information
We may use and disclose your Personal Information for the purpose for which it was collected, including related secondary purposes, and for other purposes authorised by you or required by law.
Examples of uses and disclosures of your Personal Information may include:
a) Use and disclosure amongst health professionals to provide treatment
Modern health care practices require a patient’s treatment to be provided by a team of health professionals. These health professionals share patient Personal Information as part of the process of providing treatment. This is managed while maintaining confidentiality and protecting the patient’s privacy in accordance with the law. Personal Information will only be disclosed to those health care professionals directly involved in a patient’s treatment. Icon may disclose Personal Information via electronic processes or standard or express post where relevant.
b) Your General Practitioner or referring Medical Specialist
Icon may send a discharge summary or letter to your referring medical practitioner, nominated practitioner and/or General Practitioner following consultation or treatment. This is intended to inform the referring practitioner of information that may be relevant to any ongoing care or treatment provided by them. Icon will confirm the most up to date details of your nominated General Practitioner at the time of consultation/treatment.
c) Other health service providers
Medical practitioners or health care facilities that require access to patient health records of treatment will require an authorisation from you to provide a copy of the medical record to that medical practitioner or health care facility. Disclosure will be provided without consent if it is not reasonable or practicable to obtain consent and Icon reasonably believes that the disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety.
d) Students, medical, nursing, allied health disciplines
Medical, nursing and allied health disciplines undertake placements at Icon facilities. As part of their placement, students may access patient health records of treatment. All students undertaking placement with Icon sign a Confidentiality Agreement.
e) Relatives, guardian, close friends or legal representative
In certain circumstances, Icon may provide information about your condition to your next of kin, where you are incapable of giving consent or cannot communicate the consent. Icon will disclose Personal Information where it is satisfied that the disclosure is necessary to provide care or treatment to you or for compassionate reasons, unless you inform us that you do not wish Icon to disclose your Personal Information to any such person. Where you do not have capacity, Icon will disclose information about your health to a person exercising your power of attorney under an enduring power of attorney or advance care directive.
f) Other Icon facilities
Icon will share Personal Information amongst its facilities. This will occur where you are transferred between any of Icon’s facilities, otherwise receiving care at multiple Icon sites or to coordinate your ongoing care.
g) Other common uses and disclosures
Icon may also use and disclose Personal Information in an identified format:
for invoicing, billing and account management
for health funds, Medicare or the Department of Veteran’s Affairs to verify treatment provided and the financial level of cover
for the purposes of complying with any applicable laws, responding to a subpoena or compulsory reporting to State or Federal authorities (e.g. law enforcement or public health and safety circumstances)
when communicating with medical defence organisations, insurers, medical experts or lawyers for anticipated or existing legal proceedings
if it is necessary information for the purposes of protecting a child from the risk of physical or psychological harm
in order to prevent or lessen a serious and imminent threat to life, health or property or a person
if matters are disclosed relating to serious criminal activity that have, or are likely to occur
to third-party service providers who manage some of the services we offer; all of whom are obligated to comply with the Privacy Act 1988 (Cth)
to undertake quality assurance for the purpose of monitoring service delivery standards
for the purposes of sending standard reminders (e.g. appointments or treatment reminders via text message, email, voice mail, or post to addresses disclosed to Icon)
for research purposes
for sharing information with you about our products and services which may interest you (you will always be given the option to opt-out of any marketing communication sent by Icon)
In limited circumstances, we may disclose your Personal Information overseas to countries in which we operate, including the United Kingdom, New Zealand, Singapore, Malaysia, Indonesia, and the People’s Republic of China. Where information is required to be disclosed overseas Icon will take reasonable steps to ensure that the international third party uses your Personal Information in accordance with our Privacy Policy and the Privacy Act 1988 (Cth).
If you request or authorise Icon to transfer your Personal Information, including your Health Information, to another health service provider, Icon will provide a copy or a written summary of such to that other health service provider as soon as practicable.
Access and correction of Personal Information
You may request access to Personal Information we hold about you by:
completing a Consent for Release of Information form and returning it via the details contained on the form.
sending an email to privacy@icon.com.au, or
writing to our Privacy Office.
We take reasonable steps to correct your Personal Information so that it is accurate, complete and up to date, however it is important to keep your Personal Information accurate, complete and up to date at all times. If you believe the Personal Information, we hold about you needs to be updated, please notify us immediately at privacy@icon.com.au.
The Privacy Office will respond to your request as soon as possible.
Security of Personal Information
Icon stores your Personal Information in both paper and electronic forms. The security of your Personal Information is important to us. We take reasonable measures to ensure that your Personal Information is stored safely to protect it from misuse, loss, unauthorised access, modification, interference, or disclosure, and take electronic and physical security measures such as:
Appropriate security on storage of paper records
Use of document shredding and security bins
Authentication and password controls for electronic records
Use of our managed devices and services (e.g. iPads, laptops, email) for transfer of Personal Information.
Icon will destroy or permanently de-identify any of your information which is in its possession or control, and which is no longer needed for the purpose for which it was collected, unless otherwise required by law to be retained.
Periodic audit and risk assessments are conducted to ensure the appropriate availability, integrity and confidentiality of Personal Information is managed through our systems.
In the event of a data breach, Icon will take immediate action to mitigate the breach and will comply with the mandatory data breach requirements of the Privacy Act 1988 (Cth). Icon will assess whether there is a likely risk of any serious harm to affected individuals and if so, will immediately notify such individuals with a description of the data breach, the kinds of information concerned and recommendations about the steps that you should take in response to the data breach.
Interacting with Icon websites
When you use our website(s), we do not identify you as an individual user and do not collect personal information about you, unless you specifically provide this to us.
If you have provided consent to Icon to use your personal information, Icon may use your personal and browsing information to contact you regarding Icon products or services that may be of benefit to you. This consent is provided when:
inputting information via our website(s),
completing forms and submitting them to us, or
opting into emails from Icon.
If you no longer wish to receive marketing communications, you can opt-out at any time by contacting our Privacy Office at privacy@icon.com.au or clicking the “unsubscribe” link in our email messages.
Our priority is safeguarding your data: we follow industry best practices, including data encryption and other security measures. Our team members are trained in data protection and privacy protocols, and we have strict access controls to ensure that only authorised individuals can access the data we collect. We adhere to data protection regulations that apply to our organisation, and we make sure to comply with these and other legally required regulations.
Cookies
Cookies are small text files that may be stored on your device when you visit a website. Icon website(s) may use cookies that allow us to gather anonymous data from website users. We use both session cookies, which are temporary and deleted once you close your browser, and persistent cookies, which stay on your device for a longer period. Persistent cookies help us recognise you when you return to our website. This anonymous data helps us to improve website functionality, enhance your browsing experience, provide personalisation, and for marketing purposes such as (but not limited to) Google advertisements or Facebook advertisements. This data may include (but is not limited to) your internet service provider (ISP), domain name, browser type and the pages you visit.
The cookies we collect do not contain personal information that can identify you directly. We respect your privacy and ensure that any data collected through cookies is used per our privacy policy.
You can opt-out of personalised advertising at any time. Please find instructions below for Google and Facebook advertising:
Google: https://policies.google.com/technologies/ads
Facebook: https://www.facebook.com/help/1075880512458213
By continuing to use our website, you consent to the use of cookies as described. However, you have the option to disable cookies or modify your browser settings to notify you when cookies are being used. Please note that disabling cookies may affect certain features and functionality of our website.
If you have any questions or concerns about our use of cookies or our privacy practices, please contact us at privacy@icon.com.au.
Icon uses Google Analytics to analyse current usage to ensure our visitors get the information and services they need. For more information about this integration with Google, please visit https://policies.google.com/technologies/partner-sites.
To better provide you with information, where relevant, we will link to third-party websites. Icon is not responsible for how these websites, and third parties may collect, use, and share your information. Please refer to their privacy statements before interacting with them. These statements or policies are typically located at the bottom of their webpage.
Privacy Policy changes
Icon may amend the Privacy Policy from time to time in accordance with changes in legislation, regulation, best practice, technology requirements and Icon’s operations and practices.
Enquiries and concerns
If you have an enquiry or concern about the way Icon handles your Personal Information, please contact our Privacy Office, who will respond as soon as soon as possible. Raising a concern will not affect the care you receive from us, however you can choose for someone else to raise a concern on your behalf.
Any unresolved concerns can be dealt with by contacting the Office of the Australian Information Commissioner on:
Email: enquiries@oaic.gov.au
Facsimile: +61 2 9284 9666
Web: https://www.oaic.gov.au/privacy/privacy-complaints
If you do not speak English, or English is your second language, a translated copy of our Privacy Policy is available upon request. We are able to provide our Privacy Policy in hard copy upon request if required.
Privacy Office contact details
The Icon Privacy Office can be contacted in relation to Personal Information or our Privacy Policy via:
Email: privacy@icon.com.au
Privacy Officer
Icon Group
PO Box 3787
South Brisbane, QLD, 4101
Telephone: 07 3737 4582 (to leave a message)
Fax: 07 3737 4501
Request for Information
You may request access to Personal Information we hold about you by completing a Consent for Release of Information form or by emailing or writing to our Privacy Office.
Please note: any requests must be accompanied by photo identification (drivers’ licence or passport). We are unable to process requests without accompanying photo identification.